CVE-2015-3990 – Dell Sonicwall GMS Virtual Appliance Multiple Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-3990
The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. La aplicación web GMS ViewPoint (GMSVP) en Dell Sonicwall GMS, Analyzer, y UMA EM5000 anterior a 7.2 SP4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de vectores relacionados con la configuración. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. • http://www.securityfocus.com/bid/74756 http://www.securitytracker.com/id/1032373 http://www.zerodayinitiative.com/advisories/ZDI-15-231 https://support.software.dell.com/product-notification/152178 • CWE-19: Data Processing Errors •
CVE-2014-5024
https://notcve.org/view.php?id=CVE-2014-5024
Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter. Vulnerabilidad de XSS en sgms/panelManager en Dell SonicWALL GMS, Analyzer y UMA anterior a 7.2 SP1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrario a través del parámetro node_id. • http://packetstormsecurity.com/files/127575/SonicWALL-GMS-7.2-Build-7221.1701-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2014/Jul/125 http://secunia.com/advisories/60287 http://www.securityfocus.com/bid/68829 https://support.software.dell.com/product-notification/128245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1359 – SonicWALL Gms 6 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-1359
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. Se presenta una Vulnerabilidad de Omisión de Autenticación en DELL SonicWALL Analyzer versión 7.0, Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0; Universal Management Appliance (UMA) versiones 5.1, 6.0 y 7.0 y ViewPoint versiones 4.1, 5.0, 5.1 y 6.0 por medio del parámetro skipSessionCheck en la interfaz UMA (/appliance/), lo que podría permitir a un usuario malicioso remoto obtener acceso a la cuenta root. • https://www.exploit-db.com/exploits/24322 https://www.exploit-db.com/exploits/24204 http://www.exploit-db.com/exploits/24204 http://www.exploit-db.com/exploits/24322 http://www.securityfocus.com/bid/57445 http://www.securitytracker.com/id/1028007 https://exchange.xforce.ibmcloud.com/vulnerabilities/81367 https://fortiguard.com/encyclopedia/ips/35264/multiple-sonicwall-products-authentication-bypass-vulns https://packetstormsecurity.com/files/author/7547 https://seclists.org/fulldisclosure/2013 • CWE-287: Improper Authentication •
CVE-2013-1360 – SonicWALL GMS/Viewpoint/Analyzer - Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-1360
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. Se presenta una vulnerabilidad de Omisión de Autenticación en DELL SonicWALL Global Management System (GMS) versiones 4.1, 5.0, 5.1, 6.0 y 7.0, Analyzer versión 7.0, Universal Management Appliance (UMA) versiones 5.1, 6.0 y 7.0 y ViewPoint versiones 4.1, 5.0 y 6.0, por medio de una petición diseñada en la interfaz SGMS, que podría permitir a un usuario malicioso remoto obtener acceso administrativo. SonicWALL GMS/Viewpoint/Analyzer suffers from an authentication bypass vulnerability. • https://www.exploit-db.com/exploits/24203 http://archives.neohapsis.com/archives/bugtraq/2013-01/0075.html http://www.exploit-db.com/exploits/24203 http://www.securityfocus.com/bid/57446 http://www.securitytracker.com/id/1028007 https://exchange.xforce.ibmcloud.com/vulnerabilities/81366 https://packetstormsecurity.com/files/cve/CVE-2013-1360 • CWE-287: Improper Authentication •